[Openswan Users]
OS2.1.1+linux-2.4.26: pluto falls with Segmentation fault
Anatoly Ershov
it at ostankino.ru
Tue May 18 20:59:06 CEST 2004
Hi!
I have troubles running Openswan 2.1.1 on linux-2.4.26, Debian 3.0:
Pluto fails due to Segmentation fault. Here's syslog lines.
18 18:16:24 ural ipsec_setup: Starting Openswan IPsec 2.1.1...
18 18:16:24 ural ipsec_setup: Using
/lib/modules/2.4.26-p4/kernel/net/ipsec/ipsec.o
May 18 18:16:24 ural kernel: klips_info:ipsec_init: KLIPS startup,
FreeS/WAN IPSec version: 2.1.1
May 18 18:16:24 ural ipsec_setup: KLIPS debug `none'
May 18 18:16:24 ural kernel:
May 18 18:16:24 ural ipsec_setup: KLIPS ipsec0 on eth0
212.12.66.230/255.255.255.192 broadcast 212.12.66.255
May 18 18:16:24 ural ipsec_setup: ...Openswan IPsec started
May 18 18:16:24 ural pluto[5913]: Starting Pluto (Openswan Version 2.1.1
X.509-1.4.8 PLUTO_USES_KEYRR)
May 18 18:16:24 ural pluto[5913]: including NAT-Traversal patch
(Version 0.6c) [disabled]
May 18 18:16:24 ural pluto[5913]: Using KLIPS IPsec interface code
May 18 18:16:24 ural pluto[5913]: Changing to directory
'/etc/ipsec.d/cacerts'
May 18 18:16:24 ural pluto[5913]: loaded cacert file 'ttc-ca.crt'
(3881 bytes)
May 18 18:16:24 ural pluto[5913]: Changing to directory '/etc/ipsec.d/crls'
May 18 18:16:24 ural pluto[5913]: loaded crl file 'ttc-ca.crl' (1787
bytes)
May 18 18:16:24 ural ipsec__plutorun: /usr/local/lib/ipsec/_plutorun:
line 1: 5913 Segmentation fault /usr/local/libexec/ipsec/pluto
--nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d
--debug-dns --uniqueids
May 18 18:16:24 ural ipsec__plutorun: whack: is Pluto running?
connect() for "/var/run/pluto.ctl" failed (111 Connection refused)
May 18 18:16:24 ural ipsec__plutorun: !pluto failure!: exited with
error status 139 (signal 11)
I succeeded to run openswan built from the same source with the same
openswan-patched vanilla kernel on Debian/testing; both kernel and
openswan are built on machines, on which they are run. On Debian/testing
pluto failed in the same manner, until I put "plutodebug=all" in
ipsec.conf; "none" and, say, "dns" will bring to SegFault. On
Debian/stable (3.0) it just dies.
I tried to build gmp-4.1.3 from source and link openswan programs with
it, instead of installed libgmp3{,-dev} packages (ver. 4.0.1-3) -- it
doesn't help.
Any ideas? May be, too long keys I used in building x509 certificates --
4096 for CA?
Two barfs are placed here:
http://age.pp.ru/~ershov/barf.ural.bz2 -- from openswan linked with
stock libgmp3
http://age.pp.ru/~ershov/barf.ural+gmp-4.1.3.bz2 -- from that linked
with gmp-4.1.3 taken from its home site.
Sincerely,
Anatoly
More information about the Users
mailing list